Network transparency API review.

Rob Scheepmaker r.scheepmaker at student.utwente.nl
Wed Jun 24 00:21:44 CEST 2009


On Tuesday 23 June 2009 19:42:55 Fabrizio Montesi wrote:
> On Tue, Jun 23, 2009 at 7:05 PM, Rob Scheepmaker <r.scheepmaker at student.utwente.nl> wrote:
> > Hello everybody,
> >
> > [cut]
>
> Hi Rob,
> just a quick comment about identifying remote machines. What about
> combining public key authentication with the bluetooth pairing method (the
> host writes a PIN, the client is asked for the PIN, the two PINs must
> match)?
> This way if the user is too lazy to check the public key we reduce greatly
> the attacker's possibilities. Using this approach we'd have to face the
> fact that a lazy user could write "1234" as a PIN, too: the host side UI
> for writing the PIN should warn the user that things like "1234" are not
> such a good idea.

A quite good idea. So the first time we receive a new key we ask for a 
password at both sides which have to match. And if the key is already there 
then this step isn't necessary. I'll think about how to integrate this nicely
with the API.
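
A sketch of the flow discussed in this message, added here as an example and not taken from the thread or from Plasma's code: a key seen for the first time needs a matching PIN from both sides, and a key already stored skips that step. The names `Receiver`, `pairing_tag` and `is_weak_pin`, the status strings, and the HMAC binding of the PIN to the key are assumptions made for illustration.

```python
import hashlib
import hmac

def is_weak_pin(pin: str) -> bool:
    """True for PINs the host-side UI should warn about, such as "1234"."""
    if len(pin) < 4 or not (pin.isascii() and pin.isdigit()):
        return True
    if len(set(pin)) == 1:                       # "0000", "7777"
        return True
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})                   # "1234", "4321", "8901"

def pairing_tag(pin: str, public_key: bytes) -> bytes:
    """Bind the typed PIN to the key it vouches for (assumed construction).
    A captured tag lets a short PIN be guessed offline; a PAKE avoids that."""
    return hmac.new(pin.encode(), public_key, hashlib.sha256).digest()

class Receiver:
    """Hypothetical receiving side: remembers keys that passed the PIN step."""
    def __init__(self):
        self._trusted = set()

    def receive(self, peer_key: bytes, local_pin=None, peer_tag=None) -> str:
        fp = hashlib.sha256(peer_key).hexdigest()
        if fp in self._trusted:
            return "known-key"                   # PIN step is skipped
        if local_pin is None or peer_tag is None:
            return "pin-required"                # first contact: ask both sides
        if is_weak_pin(local_pin):
            return "weak-pin"                    # UI should warn and ask again
        # Recompute over the key we actually received, so a key replaced in
        # transit fails even when both users typed the same PIN.
        expected = pairing_tag(local_pin, peer_key)
        if not hmac.compare_digest(expected, peer_tag):
            return "pin-mismatch"
        self._trusted.add(fp)
        return "paired"
```

The remote side would send `pairing_tag(pin_typed_there, its_own_public_key)` along with its key; the receiver never needs the remote PIN itself.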


